commit 42175031ca48e2fba62b97fc802e5df33d5221ff
author Janos Follath <janos.follath@arm.com> Mon Jan 08 13:45:49 2024 +0000
committer Dave Rodgman <dave.rodgman@arm.com> Mon Jan 22 15:58:57 2024 +0000
tree 742d4e7b449da783a831a778891ccb5e4826879c
parent 3a91dad9dceb484eea8b41f8941facafc4520021

Move calculating RR into a separate function

So far we needed it only locally here, but we will need calculating RR
for safe unblinding in RSA as well.

Signed-off-by: Janos Follath <janos.follath@arm.com>

library/bignum.c

diff --git a/library/bignum.c b/library/bignum.c
index 3e1c48c..551fd81 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -2039,6 +2039,20 @@
     return ret;
 }
 
+int mbedtls_mpi_get_mont_r2_unsafe(mbedtls_mpi *X,
+                                   const mbedtls_mpi *N)
+{
+    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+    MBEDTLS_MPI_CHK(mbedtls_mpi_lset(X, 1));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(X, N->n * 2 * biL));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(X, X, N));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_shrink(X, N->n));
+
+cleanup:
+    return ret;
+}
+
 /*
  * Sliding-window exponentiation: X = A^E mod N  (HAC 14.85)
  */
@@ -2153,9 +2167,7 @@
      * If 1st call, pre-compute R^2 mod N
      */
     if (prec_RR == NULL || prec_RR->p == NULL) {
-        MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&RR, 1));
-        MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&RR, N->n * 2 * biL));
-        MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&RR, &RR, N));
+        mbedtls_mpi_get_mont_r2_unsafe(&RR, N);
 
         if (prec_RR != NULL) {
             memcpy(prec_RR, &RR, sizeof(mbedtls_mpi));